Cybersecurity Tips and Strategies

The requests, alerts and invitations arrive by text, email, messaging and phone call. They appear on websites and social media pages, such as Facebook and LinkedIn. The request may appear to come from a person where you work, asking you to please send a gift card. Or perhaps a text arrives asking you to confirm an expense on Amazon—followed by email reminders asking you to sign an attached document. Have you clicked on a message like that? If one of your accounts has been hacked or your identity used fraudulently, you are not alone. In a survey from the National Cybersecurity Alliance and CybSafe, among respondents willing to admit to being a victim of cybercrime, 24% reported identity theft and 36% reported phishing that led to a loss of money or data (Nurse et al. 2022). Turns out cybercriminals have a lot of tricks.

Human Behavior Is the Biggest Cybersecurity Risk

Most often, people let their attacker in. Human actions account for 82% of all data breaches, either because of responding to a phishing email or making an error or because an attacker stole credentials, such as a username and password (Verizon 2022).

Why do we humans fall for phishing scams? We’re busy and move fast without thinking. We fall for a good story or accept a plea to act urgently. People have a tendency to assume others are honest or that it’s a good deal—too hard to resist. It’s natural to help a friend or colleague or to be worried about an unauthorized charge on your bank account (Lameiras 2022; Freundlich 2021).

The first line of defense in cybersecurity against cyberattacks is to stop and think. “Cybercriminals use persuasive influencing techniques, and the [email or text] messages are often framed in terms of authority/urgency, loss/fines, gain/winning, sympathy/liking, as well as reciprocating a favor,” explains psychologist Inka Karppinen, PhD. “Phishing emails are specifically designed to evoke emotional responses . . . to entice us to take unsafe action without really thinking.”

Before answering any messages, Karppinen advises you to consider three questions:

1. What are you being asked to do (e.g., provide sensitive information, click on a link, call someone, open up an attachment) and why?
2. Did the message you received elicit an emotional response (good or bad)?
3. Be suspicious and ask yourself: What is someone trying to steal from me?

“Think before you act” is a good motto to follow.

See also: Protect Your Virtual Fitness Business

Warning Signs of a Cyberattack

According to a 2020 report from Verizon, 71% of data breaches are financially motivated. A data breach is any unauthorized access to a system with the intent to steal confidential information.

Many such breaches result from phishing expeditions (AmTrust Financial 2022; Sjouwerman 2022). Here’s what to be on the alert for on the phone and in emails, texts and other messages:

Messages About Money

• A request for a gift card, wire transfer or donation may seem to come from a friend or family member or from an authority figure, such as your employer or a representative from a club or association you belong to.
• A request for your bank account or online login information may be made under the premise that money needs to be transferred to your account.
• You may be asked to confirm an expense on an account or confirm account numbers.
• The message may say your account is about to be closed or that there are problems with taxes or Social Security payments.

Urgent Requests or Threats

• Urgent requests may be made for immediate contributions to help people following a disaster or to help an organization reach a fundraising goal.
• The message may threaten to close an account or cancel your email service unless you respond quickly.
• You may receive a threat to send an account to a bill collector, along with a link to follow up.

Emails from Businesses You Use and Work For

• Subject lines may state equipment or software needs an update or tell you there is an attached document to review and sign.
• Microsoft, Zoom or Google may appear to be requesting security codes or providing expiration notices.
• Delayed shipping notices from Amazon or shipping companies may be used to get you to click on a link or share credit card information.

Errors and Typos

• Look for a slightly misspelled address or name, poor grammar, broken links and other errors. Odds are a business won’t be sending you a document full of mistakes.
• Hover your mouse over the sender’s email address and see if it is the company’s. Sometimes a company name is woven in with extra words or characters to make it seem correct. Always verify the URL. 
• Check the sender’s email or caller ID against your contacts list, knowing that these may be false.

Tips for Foiling Phishers

• Do not call the phone number on a suspicious email. Look on their website and call that number instead.
• Do not click on a link. Use a browser to go to the website and follow up there.
• Do not reply directly to a suspicious email. Go to the company or agency’s website to check whether they ever send emails. Many will expressly state if they do not.
• Do not provide any account numbers, PINs or personal information to someone who reaches out to you.

Best Practices for Cybersecurity

For many fitness professionals and business owners, personal lives and work lives are intertwined on computers and mobile devices. Hybrid and in-person sessions, operations managed through cloud-based providers, personal news feeds, social media accounts and cute cat videos are on smartphones and laptops. Apply the basics of cybersecurity to both personal and business accounts (NAS 2022; Nurse et al. 2022; Union Bank 2022; FCC 2020).

Keep software updated. Software updates often contain security fixes or upgrades, which makes it worth updating quickly. An option is to set up programs to update automatically. A reliable antivirus software is a must-have for your computer and mobile devices. Keep antivirus software updated, too.

Use multifactor authentication (MFA). MFA uses security questions (e.g., “What is the maiden name of your mother’s mother?” or “What is the name of your first pet?”). Another option is to request a PIN sent to your text or separate email. The MFA verifies who you are and prevents unauthorized access to the account, device or network.

Regularly review online accounts. The quicker you spot a problem with a bank, business operation, email or social media account, the faster you can take action to halt misuse. Set a day each week to check for unauthorized activity. Enroll in a credit reporting service, such as Experian, Equifax or TransUnion.

Back up data. Save all your data on a regular basis. If an account is hacked, you still have access. An external hard drive, online cloud storage and paper printouts are options.

See also: Client Confidentiality Is Crucial

Password Protection Suggestions for Cybersecurity

Many people use the same short password for each account—often one that’s based on their child’s name or a birthday, because it is easy to remember. Hackers know this. Passwords and other knowledge-based credentials are the cause of over 80% of data breaches, according to the 2022 Verizon report. The solution? Use a separate complex password for each account. Here are a few ways to create them:

Mix up placement of capitals and numerals. One professional password hacker explained that if a password is required to have a number and capital letter, most people will put the uppercase letter first and the number last. It’s a pattern hackers can follow (Angwin 2022).

Use a password generator. Strong passwords are 16 characters in length with a combination of capital and lowercase letters and symbols. Creating a password of that quality for each account may seem daunting, but that’s where a password generator helps. Password generators use an algorithm to generate a random series of letters and numbers.

Use a password manager. A password manager (a web search will find several options) can generate a password, encrypt it and store it. You then use one single “master password” (or your thumbprint) to access the different passwords you will use (Rubenking 2022; National Cyber Security Centre 2021).

Generate your own random passwords. Another approach is the random word technique recommended by CybSafe, says Karppinen. Choose three unrelated words, and add some capitals and special characters. You can check the security of your password selection at Security.org’s “How Secure Is My Password?” page.

Apply password protection to voicemail, too. Hackers can intercept two-factor authentication PINs sent via voice. Business voicemail messages can also be intercepted. The scammer spoofs the business name, replies to callers and asks for payment or personal information (FCC 2022).

What to Do If You’ve Been Hacked

If you become the victim of a cyberattack, there are immediate steps to take to increase your cybersecurity (FTC n.d.; Steinberg 2020).

Change your passwords. Immediately replace current passwords with new, complex ones. Never use the old passwords again.

Notify affected parties. Immediately report the incident to the individuals or companies that may be impacted by the hack.

Access your credit report. Check for unauthorized transactions to see if identity thieves opened credit cards in your name. Phone the fraud department of each card company to report unauthorized charges and cancel existing or unauthorized cards.

Also place a fraud alert and/or credit freeze on your credit file.

Check financial entities. Look for unauthorized transactions here, too. Inform your bank or banks immediately. You may need to close current accounts and open new ones. If you have creditors, telephone them and speak to the fraud department.

File both a fraud report and a police report. These reports list details and are proof that the fraud was committed. You may need these later if your credit or identity is questioned. Plus, you are helping others by providing information that financial, security and other types of organizations need to develop systems to counteract cyberattacks.

Here are a few places you can file:

• Report an online or internet-enabled crime to the FBI Internet Crime Complaint Center (IC3) at ic3.gov/.
• Report a scam, company (e.g., for false advertising) or price gouging to Fight Fraud at the Federal Trade Commission at ReportFraud.ftc.gov.
• Report a cyber incident to the Canadian Centre for Cyber Security at cyber.gc.ca/en/incident-
  management.
• Report an online cybercrime to the European Union Agency for Law Enforcement Cooperation at europol.europa.eu/report-a-crime/report-cybercrime-online.

Stay Cybersecurity Safe Online

Hackers are highly invested in tricking people like you and your clients out of your hard-earned money. The technical actions and strategies in this article can help you mitigate the risks, but even more important are your everyday actions. Cybersecurity experts are unanimous in stating that it is predominantly humans and human error that enable cybercriminals to enter our systems. Stop and think before sharing personal details, look carefully at communications before you act, and double-check your passwords and account statements regularly. As with health and fitness, putting in the effort day by day and month by month is the best path to success!